vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of https://githacks.org/vmp2/vmprofiler

Browse Source
merge-requests/18/merge
_xeroxz 3 years ago
parent 6e545e452f 573cc04fc1
commit 607ad8f985
4 changed files with 94 additions and 4 deletions
Show Stats Download Patch File Download Diff File

16
include/vmprofiles.hpp
Unescape View File

@ -75,6 +75,11 @@ namespace vm::handler
SHLD_W,
SHLDB,
SHRDQ,
SHRDW,
SHRD_W,
SHRDB,
SHRQ,
SHRDW,
SHRW,
@ -162,10 +167,15 @@ namespace vm::handler
extern vm::handler::profile_t shlq;
extern vm::handler::profile_t shldw;
<<<<<<< HEAD
extern vm::handler::profile_t shlw;
extern vm::handler::profile_t shldq;
=======
>>>>>>> 573cc04fc1804ac328b555bb1136d132d858a6fe
extern vm::handler::profile_t shlddw;
extern vm::handler::profile_t shrddw;
extern vm::handler::profile_t nandq;
extern vm::handler::profile_t nanddw;
@ -174,6 +184,7 @@ namespace vm::handler
extern vm::handler::profile_t writeq;
extern vm::handler::profile_t writedw;
extern vm::handler::profile_t writew;
extern vm::handler::profile_t writeb;
extern vm::handler::profile_t readq;
@ -205,8 +216,13 @@ namespace vm::handler
&lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw, &lconstdw, &lconstw, &addq,
&adddw, &addw, &addb, &popvsp,
<<<<<<< HEAD
&shlq, &shldw, &shlw, &writeq, &writedw, &writeb, &nandq, &nanddw,
&nandw, &nandb,
=======
&shlq, &shldw, &writeq, &writedw, &writew, &writeb, &nandq, &nanddw,
&nandw, &nandb,
>>>>>>> 573cc04fc1804ac328b555bb1136d132d858a6fe
&shlddw, &shldq,

4
src/vmprofiles/shld.cpp
Unescape View File

@ -81,11 +81,11 @@ namespace vm::handler::profile
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;
},
// MOV RDX, [RBP+0x4]
// MOV EDX, [RBP+0x4]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RDX &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_EDX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP && instr.operands[ 1 ].mem.disp.value == 0x4;
},

74
src/vmprofiles/shrd.cpp
Unescape View File

@ -0,0 +1,74 @@
#include <vmprofiler.hpp>
namespace vm::handler::profile
{
vm::handler::profile_t shrddw = {
// MOV EAX, [RBP]
// MOV EDX, [RBP+0x4]
// MOV CL, [RBP+0x8]
// SUB RBP, 0x2
// SHRD EAX, EDX, CL
// MOV [RBP+0x8], EAX
// PUSHFQ
// POP [RBP]
"SHRDDW",
SHRDW,
NULL,
{ { // MOV EAX, [RBP]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_EAX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;
},
// MOV EDX, [RBP+0x4]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_EDX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP && instr.operands[ 1 ].mem.disp.value == 0x4;
},
// MOV CL, [RBP+0x8]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_CL &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP && instr.operands[ 1 ].mem.disp.value == 0x8;
},
// MOV CL, [RBP+0x8]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_CL &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP && instr.operands[ 1 ].mem.disp.value == 0x8;
},
// SHRD EAX, EDX, CL
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_SHRD &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_EAX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EDX &&
instr.operands[ 2 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 2 ].reg.value == ZYDIS_REGISTER_CL;
},
// MOV [RBP+0x8], EAX
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&
instr.operands[ 0 ].mem.disp.value == 0x8 &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;
},
// PUSHFQ
[]( const zydis_decoded_instr_t &instr ) -> bool { return instr.mnemonic == ZYDIS_MNEMONIC_PUSHFQ; },
// POP [RBP]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_POP && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;
} } } };
}

4
src/vmprofiles/write.cpp
Unescape View File

@ -87,8 +87,8 @@ namespace vm::handler::profile
// MOV DX, [RBP+0x8]
// ADD RBP, 0xA
// MOV [RAX], DX
"WRITEB",
WRITEB,
"WRITEBW",
WRITEDW,
NULL,
{ { // MOV RAX, [RBP]
[]( const zydis_decoded_instr_t &instr ) -> bool {

Write Preview
Loading…
Cancel
Save